From 83c42254bf2089dbeb1265d2913583226e895c31 Mon Sep 17 00:00:00 2001
From: Sung-Jin Park <sj76.park@samsung.com>
Date: Thu, 28 Sep 2017 19:37:43 +0900
Subject: [PATCH] pepper: add sanity check for SHM base directory path from
 environment variable(s)

Change-Id: I4c030a425b6378a42ece3806ce54178118c811f9
Signed-off-by: Sung-Jin Park <sj76.park@samsung.com>
---
 src/lib/pepper/utils-file.c | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/src/lib/pepper/utils-file.c b/src/lib/pepper/utils-file.c
index d4a04e6..2fe9272 100644
--- a/src/lib/pepper/utils-file.c
+++ b/src/lib/pepper/utils-file.c
@@ -32,6 +32,7 @@
 #include <errno.h>
 #include <fcntl.h>
 #include <unistd.h>
+#include <linux/limits.h>
 
 static int
 set_cloexec_or_close(int fd)
@@ -79,7 +80,7 @@ PEPPER_API int
 pepper_create_anonymous_file(off_t size)
 {
 	static const char template[] = "/pepper-shared-XXXXXX";
-	const char *path;
+	char *path = NULL;
 	char *name;
 	int fd;
 	int ret;
@@ -93,13 +94,28 @@ pepper_create_anonymous_file(off_t size)
 		return -1;
 	}
 
+	path = strndup(path, PATH_MAX);
+	if (!path)
+	{
+		errno = ENOMEM;
+		return -1;
+	}
+
 	name = malloc(strlen(path) + sizeof(template));
 	if (!name)
+	{
+		free(path);
+		path = NULL;
+
 		return -1;
+	}
 
 	strncpy(name, path, strlen(path) + 1);
 	strncat(name, template, sizeof(template));
 
+	free(path);
+	path = NULL;
+
 	fd = create_tmpfile_cloexec(name);
 
 	free(name);
-- 
2.34.1